PHPackages sicaboy/laravel-mfa - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. sicaboy/laravel-mfa ActiveLibrary[Authentication & Authorization](/categories/authentication) sicaboy/laravel-mfa =================== A Laravel package of Multi-factor Authentication (MFA/2FA) with a middleware. 1.3(3y ago)101.2k↓75%4MITPHPPHP ^7.1|^8.0CI passing Since Apr 12Pushed 3mo ago2 watchersCompare [ Source](https://github.com/sicaboy/laravel-mfa)[ Packagist](https://packagist.org/packages/sicaboy/laravel-mfa)[ Docs](https://github.com/sicaboy/laravel-mfa)[ RSS](/packages/sicaboy-laravel-mfa/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (11)Used By (0) Laravel Multi-factor Authentication (MFA) / Two-factor Authentication (2FA) =========================================================================== [](#laravel-multi-factor-authentication-mfa--two-factor-authentication-2fa) [![Latest Stable Version](https://camo.githubusercontent.com/a6f3795cfbf295aff270b85090f1f47991c4816c4f05e489fabd08775d49ce8a/68747470733a2f2f706f7365722e707567782e6f72672f73696361626f792f6c61726176656c2d6d66612f762f737461626c652e737667)](https://packagist.org/packages/sicaboy/laravel-mfa)[![Total Downloads](https://camo.githubusercontent.com/63bfc863042c5e1eb119003ca42ff3f6224804a7294ce83ccc358d61a18e4c37/68747470733a2f2f696d672e736869656c64732e696f2f7061676973742f64742f73696361626f792f6c61726176656c2d6d66612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sicaboy/laravel-mfa)[![License](https://camo.githubusercontent.com/6bf99dba9bf64bc022ef7ed8270b49b6ce7504b22a40ebf03d236fd2772dd03e/68747470733a2f2f706f7365722e707567782e6f72672f73696361626f792f6c61726176656c2d6d66612f6c6963656e73652e737667)](LICENSE.md)[![Tests](https://github.com/sicaboy/laravel-mfa/workflows/Tests/badge.svg)](https://github.com/sicaboy/laravel-mfa/actions)[![PHP Version Require](https://camo.githubusercontent.com/430da95ff7fca5e2294cc96f1a36af754f51f0f3c683465a67cbff1eac035384/687474703a2f2f706f7365722e707567782e6f72672f73696361626f792f726571756972652f706870)](https://packagist.org/packages/sicaboy/laravel-mfa)[![Packagist](https://camo.githubusercontent.com/ef3fa76e95801d9c9e5e9601d1b5f1f47b823c6d6ac254f7a73ef96515dea2c9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f73696361626f792f6c61726176656c2d6d66612e737667)](https://packagist.org/packages/sicaboy/laravel-mfa)[![GitHub issues](https://camo.githubusercontent.com/5ea99b5e086d66ff12366554710c8e52633500f705cf5a3223c087d080b00ca6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f73696361626f792f6c61726176656c2d6d66612e737667)](https://github.com/sicaboy/laravel-mfa/issues)[![GitHub stars](https://camo.githubusercontent.com/69a0f4aa34e3f31aa22e2cede5b7ad8de2b4fb6578d7b7ce66b6ff87409ca0fc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73696361626f792f6c61726176656c2d6d66612e737667)](https://github.com/sicaboy/laravel-mfa/stargazers) Introduction ------------ [](#introduction) A powerful and flexible Laravel package that provides Multi-factor Authentication (MFA) / Two-factor Authentication (2FA) middleware to secure your Laravel applications. This package was originally part of [sicaboy/laravel-security](https://github.com/sicaboy/laravel-security) and has been moved to this dedicated repository. Features -------- [](#features) - ✅ **Easy Integration** - Simple middleware-based implementation - ✅ **Email-based MFA** - Secure code delivery via email - ✅ **Multiple Auth Guards** - Support for different authentication contexts (user, admin, etc.) - ✅ **Configurable** - Flexible configuration options - ✅ **Queue Support** - Background email sending with Laravel queues - ✅ **Cache-based** - Efficient code storage and verification tracking - ✅ **Customizable Views** - Override templates to match your design - ✅ **Laravel 5.7+ Support** - Compatible with modern Laravel versions --- Note 🚀 Advertisement: Don't Want to Build Authentication From Scratch? ----------------------------------------------------------------- [](#-advertisement-dont-want-to-build-authentication-from-scratch) **Save weeks of development time with [Users.au](https://www.users.au) - a complete authentication solution for Laravel!** [![Users.au MFA Screenshot](https://camo.githubusercontent.com/b256e8e78eb5bca791ea368f81b8cd149f2df88a9821f2a1765a42c3eee652a8/68747470733a2f2f7777772e75736572732e61752f73637265656e73686f74732f6d66612e706e67)](https://camo.githubusercontent.com/b256e8e78eb5bca791ea368f81b8cd149f2df88a9821f2a1765a42c3eee652a8/68747470733a2f2f7777772e75736572732e61752f73637265656e73686f74732f6d66612e706e67) ### Why Choose Users.au? [](#why-choose-usersau) - 🎯 **Ready-to-use Authentication** - Complete user management system - 🔐 **Built-in MFA/2FA** - No need for additional packages - ⚡ **Laravel Integration** - Seamless setup with your existing Laravel app - 🆓 **Free to Start** - Get started without any upfront costs - 🛠️ **Developer-friendly** - Multiple integration options ### Get Started in Minutes: [](#get-started-in-minutes) #### Option 1: Laravel Starter Kit (Fastest) [](#option-1-laravel-starter-kit-fastest) ``` git clone https://github.com/Users-au/laravel-starter-kit.git cd laravel-starter-kit composer install ``` #### Option 2: Add to Existing Laravel App [](#option-2-add-to-existing-laravel-app) ``` composer require users-au/laravel-client ``` #### Option 3: Socialite Integration [](#option-3-socialite-integration) ``` composer require users-au/socialite-provider ``` ### Resources: [](#resources) - 🌐 **Website**: - 📦 **Laravel Starter Kit**: - 🔧 **Laravel Package**: - 🔑 **Socialite Provider**: *Skip the complexity of building authentication from scratch and focus on what makes your app unique!* --- Installation ------------ [](#installation) ### Requirements [](#requirements) - PHP 7.1+ or 8.0+ - Laravel 5.7+ - [Composer](https://getcomposer.org) ### Install via Composer [](#install-via-composer) ``` composer require sicaboy/laravel-mfa ``` ### Publish Configuration and Views [](#publish-configuration-and-views) ``` php artisan vendor:publish --provider="Sicaboy\LaravelMFA\LaravelMFAServiceProvider" ``` This will publish: - Configuration file: `config/laravel-mfa.php` - View templates: `resources/views/vendor/laravel-mfa/` ### Service Provider Registration (Laravel < 5.5) [](#service-provider-registration-laravel--55) If you're using Laravel < 5.5, manually register the service provider in `config/app.php`: ``` 'providers' => [ // ... Sicaboy\LaravelMFA\LaravelMFAServiceProvider::class, ], ``` Usage ===== [](#usage) Basic Usage ----------- [](#basic-usage) Protect your routes by applying the `mfa` middleware: ``` // Protect individual routes Route::get('/dashboard', 'DashboardController@index')->middleware('mfa'); // Protect route groups Route::middleware(['mfa'])->group(function () { Route::get('/admin', 'AdminController@index'); Route::get('/profile', 'ProfileController@show'); }); ``` Multiple Authentication Guards ------------------------------ [](#multiple-authentication-guards) If you use multiple authentication guards (e.g., separate user and admin authentication), specify the guard group: ``` // For admin routes Route::middleware(['mfa:admin'])->group(function () { Route::get('/admin/dashboard', 'Admin\DashboardController@index'); }); ``` Configure the corresponding group in `config/laravel-mfa.php`: ``` return [ 'default' => [ // Default configuration... ], 'group' => [ 'admin' => [ // Example, when using middleware 'mfa:admin'. Attributes not mentioned will be inherit from `default` above 'login_route' => 'admin.login', 'auth_user_closure' => function() { return \Encore\Admin\Facades\Admin::user(); }, ], 'other_name' => [ // Middleware 'mfa:other_name' ... ] ], ]; ``` Configuration Options --------------------- [](#configuration-options) ### Email Configuration [](#email-configuration) Configure email settings in `config/laravel-mfa.php`: ``` 'email' => [ 'queue' => true, // Enable queue for background sending 'template' => 'laravel-mfa::emails.authentication-code', 'subject' => 'Your Authentication Code', ], ``` ### Code Expiration [](#code-expiration) Set how long verification codes remain valid: ``` 'code_expire_after_minutes' => 10, // Default: 10 minutes ``` Queue Configuration ------------------- [](#queue-configuration) For applications with queue workers running, enable background email sending: ``` return [ 'default' => [ 'email' => [ 'queue' => true, // Enable queue processing ] ] ]; ``` Make sure your queue worker is running: ``` php artisan queue:work ``` API Responses ------------- [](#api-responses) The middleware provides JSON responses for API requests: - **403** - User not authenticated - **423** - MFA verification required ``` { "error": "MFA Required", "url": "/mfa/generate?group=default" } ``` Testing ------- [](#testing) Run the test suite: ``` composer test ``` Or run PHPUnit directly: ``` ./vendor/bin/phpunit ``` Security Considerations ----------------------- [](#security-considerations) - Codes expire after the configured time limit (default: 10 minutes) - Verification status is cached to prevent replay attacks - Email delivery can be queued for better performance - Multiple authentication contexts are supported Roadmap ------- [](#roadmap) - ✅ Email-based MFA - 🔄 SMS-based MFA - 🔄 TOTP/Authenticator app support - 🔄 User-specific MFA settings - 🔄 Backup codes Contributing ------------ [](#contributing) We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details. ### Development Setup [](#development-setup) 1. Clone the repository: ``` git clone https://github.com/sicaboy/laravel-mfa.git cd laravel-mfa ``` 2. Install dependencies: ``` composer install ``` 3. Run tests: ``` composer test ``` ### Running Tests [](#running-tests) ``` # Run all tests composer test # Run tests with coverage ./vendor/bin/phpunit --coverage-html build/coverage # Run specific test file ./vendor/bin/phpunit tests/Unit/MFAHelperTest.php # Run specific test method ./vendor/bin/phpunit --filter testGetConfigByGroupReturnsGroupConfig ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. Support ------- [](#support) - **Issues**: [GitHub Issues](https://github.com/sicaboy/laravel-mfa/issues) - **Documentation**: This README and inline code documentation - **Email**: Credits ------- [](#credits) - [David Shen](https://github.com/sicaboy) - [All Contributors](../../contributors) ### Health Score 43 — FairBetter than 91% of packages Maintenance53 Moderate activity, may be stable Popularity26 Limited adoption so far Community12 Small or concentrated contributor base Maturity67 Established project with proven stability Bus Factor1 Top contributor holds 97.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~138 days Recently: every ~252 days Total 9 Last Release 1116d ago PHP version history (3 changes)1.0PHP ~5.6|~7.0 1.2.2PHP ^7.1|^8 1.3PHP ^7.1|^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/0e2951851fcef464f5f5745cac87603ddd3675ba9f92623c5156a6073e499e28?d=identicon)[sicaboy](/maintainers/sicaboy) --- Top Contributors [![sicaboy](https://avatars.githubusercontent.com/u/2426114?v=4)](https://github.com/sicaboy "sicaboy (37 commits)")[![rhynodesigns](https://avatars.githubusercontent.com/u/2198266?v=4)](https://github.com/rhynodesigns "rhynodesigns (1 commits)") --- Tags 2fafactor-authenticationlaravelmfamiddlewarelaravelsecurityAuthentication2fatwo-factorMFA2-Factormulti-factor ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/sicaboy-laravel-mfa/health.svg) ``` [![Health](https://phpackages.com/badges/sicaboy-laravel-mfa/health.svg)](https://phpackages.com/packages/sicaboy-laravel-mfa) ``` ### Alternatives [laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[remotemerge/totp-php Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration. 2010.2k](/packages/remotemerge-totp-php)[thecodework/two-factor-authentication Two Factor Authentication (2FA) for Laravel 225.5k](/packages/thecodework-two-factor-authentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)